Diffstat (limited to 'src/test/ui/const-ptr')
-rw-r--r-- | src/test/ui/const-ptr/allowed_slices.rs | 105 | ||||
-rw-r--r-- | src/test/ui/const-ptr/forbidden_slices.32bit.stderr | 261 | ||||
-rw-r--r-- | src/test/ui/const-ptr/forbidden_slices.64bit.stderr | 261 | ||||
-rw-r--r-- | src/test/ui/const-ptr/forbidden_slices.rs | 98 | ||||
-rw-r--r-- | src/test/ui/const-ptr/out_of_bounds_read.rs | 15 | ||||
-rw-r--r-- | src/test/ui/const-ptr/out_of_bounds_read.stderr | 55 |
6 files changed, 795 insertions, 0 deletions
diff --git a/src/test/ui/const-ptr/allowed_slices.rs b/src/test/ui/const-ptr/allowed_slices.rs
new file mode 100644
index 000000000..3f19cd4d8
--- /dev/null
+++ b/src/test/ui/const-ptr/allowed_slices.rs
@@ -0,0 +1,105 @@
+// run-pass
+#![feature(
+ slice_from_ptr_range,
+ const_slice_from_ptr_range,
+ pointer_byte_offsets,
+ const_pointer_byte_offsets
+)]
+use std::{
+ mem::MaybeUninit,
+ ptr,
+ slice::{from_ptr_range, from_raw_parts},
+};
+
+// Dangling is ok, as long as it's either for ZST reads or for no reads
+pub static S0: &[u32] = unsafe { from_raw_parts(dangling(), 0) };
+pub static S1: &[()] = unsafe { from_raw_parts(dangling(), 3) };
+
+// References are always valid of reads of a single element (basically `slice::from_ref`)
+pub static S2: &[u32] = unsafe { from_raw_parts(&D0, 1) };
+pub static S3: &[MaybeUninit<&u32>] = unsafe { from_raw_parts(&D1, 1) };
+
+// Reinterpreting data is fine, as long as layouts match
+pub static S4: &[u8] = unsafe { from_raw_parts((&D0) as *const _ as _, 3) };
+// This is only valid because D1 has uninitialized bytes, if it was an initialized pointer,
+// that would reinterpret pointers as integers which is UB in CTFE.
+pub static S5: &[MaybeUninit<u8>] = unsafe { from_raw_parts((&D1) as *const _ as _, 2) };
+// Even though u32 and [bool; 4] have different layouts, D0 has a value that
+// is valid as [bool; 4], so this is not UB (it's basically a transmute)
+pub static S6: &[bool] = unsafe { from_raw_parts((&D0) as *const _ as _, 4) };
+
+// Structs are considered single allocated objects,
+// as long as you don't reinterpret padding as initialized
+// data everything is ok.
+pub static S7: &[u16] = unsafe {
+ let ptr = (&D2 as *const Struct as *const u16).byte_add(4);
+
+ from_raw_parts(ptr, 3)
+};
+pub static S8: &[MaybeUninit<u16>] = unsafe {
+ let ptr = &D2 as *const Struct as *const MaybeUninit<u16>;
+
+ from_raw_parts(ptr, 6)
+};
+
+pub static R0: &[u32] = unsafe { from_ptr_range(dangling()..dangling()) };
+// from_ptr_range panics on zst
+//pub static R1: &[()] = unsafe { from_ptr_range(dangling(), dangling().byte_add(3)) };
+pub static R2: &[u32] = unsafe {
+ let ptr = &D0 as *const u32;
+ from_ptr_range(ptr..ptr.add(1))
+};
+pub static R3: &[MaybeUninit<&u32>] = unsafe {
+ let ptr = &D1 as *const MaybeUninit<&u32>;
+ from_ptr_range(ptr..ptr.add(1))
+};
+pub static R4: &[u8] = unsafe {
+ let ptr = &D0 as *const u32 as *const u8;
+ from_ptr_range(ptr..ptr.add(3))
+};
+pub static R5: &[MaybeUninit<u8>] = unsafe {
+ let ptr = &D1 as *const MaybeUninit<&u32> as *const MaybeUninit<u8>;
+ from_ptr_range(ptr..ptr.add(2))
+};
+pub static R6: &[bool] = unsafe {
+ let ptr = &D0 as *const u32 as *const bool;
+ from_ptr_range(ptr..ptr.add(4))
+};
+pub static R7: &[u16] = unsafe {
+ let d2 = &D2;
+ let l = &d2.b as *const u32 as *const u16;
+ let r = &d2.d as *const u8 as *const u16;
+
+ from_ptr_range(l..r)
+};
+pub static R8: &[MaybeUninit<u16>] = unsafe {
+ let d2 = &D2;
+ let l = d2 as *const Struct as *const MaybeUninit<u16>;
+ let r = &d2.d as *const u8 as *const MaybeUninit<u16>;
+
+ from_ptr_range(l..r)
+};
+
+// Using valid slice is always valid
+pub static R9: &[u32] = unsafe { from_ptr_range(R0.as_ptr_range()) };
+pub static R10: &[u32] = unsafe { from_ptr_range(R2.as_ptr_range()) };
+
+const D0: u32 = (1 << 16) | 1;
+const D1: MaybeUninit<&u32> = MaybeUninit::uninit();
+const D2: Struct = Struct { a: 1, b: 2, c: 3, d: 4 };
+
+const fn dangling<T>() -> *const T {
+ ptr::NonNull::dangling().as_ptr() as _
+}
+
+#[repr(C)]
+struct Struct {
+ a: u8,
+ // _pad: [MaybeUninit<u8>; 3]
+ b: u32,
+ c: u16,
+ d: u8,
+ // _pad: [MaybeUninit<u8>; 1]
+}
+
+fn main() {}
diff --git a/src/test/ui/const-ptr/forbidden_slices.32bit.stderr b/src/test/ui/const-ptr/forbidden_slices.32bit.stderr
new file mode 100644
index 000000000..82a3c92e6
--- /dev/null
+++ b/src/test/ui/const-ptr/forbidden_slices.32bit.stderr
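Review bot: The commented-out `R1` line passes two arguments where `from_ptr_range` takes a single `Range`, so it would not compile if someone un-commented it to re-check the ZST case; either drop the dead line or keep it in a compiling form, `//pub static R1: &[()] = unsafe { from_ptr_range(dangling()..dangling().byte_add(3)) };`. The `// from_ptr_range panics on zst` comment above it matches the `0 < pointee_size` assertion failure the expected stderr shows for `R1` in forbidden_slices.rs, so a few words on why the ZST range is left out of the run-pass file rather than asserted anywhere would help the next reader. Minor wording in the comment on `S2`/`S3`: `// References are always valid of reads of a single element` reads better as `valid for reads`.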
@@ -0,0 +1,261 @@ +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: null pointer is a dangling pointer (it has no provenance) + | inside `std::slice::from_raw_parts::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:18:34 + | +LL | pub static S0: &[u32] = unsafe { from_raw_parts(ptr::null(), 0) }; + | ------------------------------ inside `S0` at $DIR/forbidden_slices.rs:18:34 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: null pointer is a dangling pointer (it has no provenance) + | inside `std::slice::from_raw_parts::<()>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:19:33 + | +LL | pub static S1: &[()] = unsafe { from_raw_parts(ptr::null(), 0) }; + | ------------------------------ inside `S1` at $DIR/forbidden_slices.rs:19:33 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: ALLOC_ID has size 4, so pointer to 8 bytes starting at offset 0 is out-of-bounds + | inside `std::slice::from_raw_parts::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:22:34 + | +LL | pub static S2: &[u32] = unsafe { from_raw_parts(&D0, 2) }; + | ---------------------- inside `S2` at $DIR/forbidden_slices.rs:22:34 + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:25:1 + | +LL | pub static S4: &[u8] = unsafe { from_raw_parts((&D1) as *const _ as _, 1) }; + | ^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: 
encountered uninitialized bytes + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 8, align: 4) { + ╾─ALLOC_ID─╼ 01 00 00 00 │ ╾──╼.... + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:27:1 + | +LL | pub static S5: &[u8] = unsafe { from_raw_parts((&D3) as *const _ as _, size_of::<&u32>()) }; + | ^^^^^^^^^^^^^^^^^^^^ unable to turn pointer into raw bytes + | + = help: this code performed an operation that depends on the underlying bytes representing a pointer + = help: the absolute address of a pointer is not known at compile-time, so such operations are not supported + = note: the raw bytes of the constant (size: 8, align: 4) { + ╾─ALLOC_ID─╼ 04 00 00 00 │ ╾──╼.... + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:29:1 + | +LL | pub static S6: &[bool] = unsafe { from_raw_parts((&D0) as *const _ as _, 4) }; + | ^^^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: encountered 0x11, but expected a boolean + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 8, align: 4) { + ╾─ALLOC_ID─╼ 04 00 00 00 │ ╾──╼.... + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:32:1 + | +LL | pub static S7: &[u16] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered an unaligned reference (required 2 byte alignment but found 1) + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. 
Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 8, align: 4) { + ╾─A_ID+0x1─╼ 04 00 00 00 │ ╾──╼.... + } + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: ALLOC_ID has size 8, so pointer to 8 bytes starting at offset 1 is out-of-bounds + | inside `std::slice::from_raw_parts::<u64>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:43:5 + | +LL | from_raw_parts(ptr, 1) + | ---------------------- inside `S8` at $DIR/forbidden_slices.rs:43:5 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::ptr_offset_from_unsigned(self, origin) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | out-of-bounds offset_from: null pointer is a dangling pointer (it has no provenance) + | inside `ptr::const_ptr::<impl *const u32>::sub_ptr` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:46:34 + | +LL | pub static R0: &[u32] = unsafe { from_ptr_range(ptr::null()..ptr::null()) }; + | ---------------------------------------- inside `R0` at $DIR/forbidden_slices.rs:46:34 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | assert!(0 < pointee_size && pointee_size <= isize::MAX as usize); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | the evaluated program panicked at 'assertion failed: 0 < pointee_size && pointee_size <= isize::MAX as 
usize', $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | inside `ptr::const_ptr::<impl *const ()>::sub_ptr` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<()>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:47:33 + | +LL | pub static R1: &[()] = unsafe { from_ptr_range(ptr::null()..ptr::null()) }; + | ---------------------------------------- inside `R1` at $DIR/forbidden_slices.rs:47:33 + | + = note: this error originates in the macro `assert` (in Nightly builds, run with -Z macro-backtrace for more info) + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::offset(self, count) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | out-of-bounds pointer arithmetic: ALLOC_ID has size 4, so pointer to 8 bytes starting at offset 0 is out-of-bounds + | inside `ptr::const_ptr::<impl *const u32>::offset` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL +... +LL | unsafe { self.offset(count as isize) } + | --------------------------- inside `ptr::const_ptr::<impl *const u32>::add` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:50:25 + | +LL | from_ptr_range(ptr..ptr.add(2)) + | ---------- inside `R2` at $DIR/forbidden_slices.rs:50:25 + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:52:1 + | +LL | pub static R4: &[u8] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: encountered uninitialized bytes + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. 
+ = note: the raw bytes of the constant (size: 8, align: 4) { + ╾ALLOC_ID─╼ 01 00 00 00 │ ╾──╼.... + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:57:1 + | +LL | pub static R5: &[u8] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^ unable to turn pointer into raw bytes + | + = help: this code performed an operation that depends on the underlying bytes representing a pointer + = help: the absolute address of a pointer is not known at compile-time, so such operations are not supported + = note: the raw bytes of the constant (size: 8, align: 4) { + ╾ALLOC_ID─╼ 04 00 00 00 │ ╾──╼.... + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:62:1 + | +LL | pub static R6: &[bool] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: encountered 0x11, but expected a boolean + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 8, align: 4) { + ╾ALLOC_ID─╼ 04 00 00 00 │ ╾──╼.... + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:67:1 + | +LL | pub static R7: &[u16] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered an unaligned reference (required 2 byte alignment but found 1) + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 8, align: 4) { + ╾A_ID+0x1─╼ 04 00 00 00 │ ╾──╼.... 
+ } + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::offset(self, count) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | out-of-bounds pointer arithmetic: ALLOC_ID has size 8, so pointer to 8 bytes starting at offset 1 is out-of-bounds + | inside `ptr::const_ptr::<impl *const u64>::offset` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL +... +LL | unsafe { self.offset(count as isize) } + | --------------------------- inside `ptr::const_ptr::<impl *const u64>::add` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:74:25 + | +LL | from_ptr_range(ptr..ptr.add(1)) + | ---------- inside `R8` at $DIR/forbidden_slices.rs:74:25 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::ptr_offset_from_unsigned(self, origin) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | `ptr_offset_from_unsigned` called on pointers into different allocations + | inside `ptr::const_ptr::<impl *const u32>::sub_ptr` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:79:34 + | +LL | pub static R9: &[u32] = unsafe { from_ptr_range(&D0..(&D0 as *const u32).add(1)) }; + | ----------------------------------------------- inside `R9` at $DIR/forbidden_slices.rs:79:34 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::ptr_offset_from_unsigned(self, origin) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | `ptr_offset_from_unsigned` called on pointers into different allocations + | inside `ptr::const_ptr::<impl *const u32>::sub_ptr` at 
$SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:80:35 + | +LL | pub static R10: &[u32] = unsafe { from_ptr_range(&D0..&D0) }; + | ------------------------ inside `R10` at $DIR/forbidden_slices.rs:80:35 + +error: aborting due to 18 previous errors + +For more information about this error, try `rustc --explain E0080`. diff --git a/src/test/ui/const-ptr/forbidden_slices.64bit.stderr b/src/test/ui/const-ptr/forbidden_slices.64bit.stderr new file mode 100644 index 000000000..f88746af9 --- /dev/null +++ b/src/test/ui/const-ptr/forbidden_slices.64bit.stderr 
@@ -0,0 +1,261 @@ +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: null pointer is a dangling pointer (it has no provenance) + | inside `std::slice::from_raw_parts::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:18:34 + | +LL | pub static S0: &[u32] = unsafe { from_raw_parts(ptr::null(), 0) }; + | ------------------------------ inside `S0` at $DIR/forbidden_slices.rs:18:34 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: null pointer is a dangling pointer (it has no provenance) + | inside `std::slice::from_raw_parts::<()>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:19:33 + | +LL | pub static S1: &[()] = unsafe { from_raw_parts(ptr::null(), 0) }; + | ------------------------------ inside `S1` at $DIR/forbidden_slices.rs:19:33 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: ALLOC_ID has size 4, so pointer to 8 bytes starting at offset 0 is out-of-bounds + | inside `std::slice::from_raw_parts::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:22:34 + | +LL | pub static S2: &[u32] = unsafe { from_raw_parts(&D0, 2) }; + | ---------------------- inside `S2` at $DIR/forbidden_slices.rs:22:34 + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:25:1 + | +LL | pub static S4: &[u8] = unsafe { from_raw_parts((&D1) as *const _ as _, 1) }; + | ^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: 
encountered uninitialized bytes + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 16, align: 8) { + ╾───────ALLOC_ID───────╼ 01 00 00 00 00 00 00 00 │ ╾──────╼........ + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:27:1 + | +LL | pub static S5: &[u8] = unsafe { from_raw_parts((&D3) as *const _ as _, size_of::<&u32>()) }; + | ^^^^^^^^^^^^^^^^^^^^ unable to turn pointer into raw bytes + | + = help: this code performed an operation that depends on the underlying bytes representing a pointer + = help: the absolute address of a pointer is not known at compile-time, so such operations are not supported + = note: the raw bytes of the constant (size: 16, align: 8) { + ╾───────ALLOC_ID───────╼ 08 00 00 00 00 00 00 00 │ ╾──────╼........ + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:29:1 + | +LL | pub static S6: &[bool] = unsafe { from_raw_parts((&D0) as *const _ as _, 4) }; + | ^^^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: encountered 0x11, but expected a boolean + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 16, align: 8) { + ╾───────ALLOC_ID───────╼ 04 00 00 00 00 00 00 00 │ ╾──────╼........ 
+ } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:32:1 + | +LL | pub static S7: &[u16] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered an unaligned reference (required 2 byte alignment but found 1) + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 16, align: 8) { + ╾─────ALLOC_ID+0x1─────╼ 04 00 00 00 00 00 00 00 │ ╾──────╼........ + } + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | &*ptr::slice_from_raw_parts(data, len) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | dereferencing pointer failed: ALLOC_ID has size 8, so pointer to 8 bytes starting at offset 1 is out-of-bounds + | inside `std::slice::from_raw_parts::<u64>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:43:5 + | +LL | from_raw_parts(ptr, 1) + | ---------------------- inside `S8` at $DIR/forbidden_slices.rs:43:5 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::ptr_offset_from_unsigned(self, origin) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | out-of-bounds offset_from: null pointer is a dangling pointer (it has no provenance) + | inside `ptr::const_ptr::<impl *const u32>::sub_ptr` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:46:34 + | +LL | pub static R0: &[u32] = unsafe { from_ptr_range(ptr::null()..ptr::null()) }; + | 
---------------------------------------- inside `R0` at $DIR/forbidden_slices.rs:46:34 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | assert!(0 < pointee_size && pointee_size <= isize::MAX as usize); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | the evaluated program panicked at 'assertion failed: 0 < pointee_size && pointee_size <= isize::MAX as usize', $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | inside `ptr::const_ptr::<impl *const ()>::sub_ptr` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<()>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:47:33 + | +LL | pub static R1: &[()] = unsafe { from_ptr_range(ptr::null()..ptr::null()) }; + | ---------------------------------------- inside `R1` at $DIR/forbidden_slices.rs:47:33 + | + = note: this error originates in the macro `assert` (in Nightly builds, run with -Z macro-backtrace for more info) + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::offset(self, count) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | out-of-bounds pointer arithmetic: ALLOC_ID has size 4, so pointer to 8 bytes starting at offset 0 is out-of-bounds + | inside `ptr::const_ptr::<impl *const u32>::offset` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL +... 
+LL | unsafe { self.offset(count as isize) } + | --------------------------- inside `ptr::const_ptr::<impl *const u32>::add` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:50:25 + | +LL | from_ptr_range(ptr..ptr.add(2)) + | ---------- inside `R2` at $DIR/forbidden_slices.rs:50:25 + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:52:1 + | +LL | pub static R4: &[u8] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: encountered uninitialized bytes + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 16, align: 8) { + ╾──────ALLOC_ID───────╼ 01 00 00 00 00 00 00 00 │ ╾──────╼........ + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:57:1 + | +LL | pub static R5: &[u8] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^ unable to turn pointer into raw bytes + | + = help: this code performed an operation that depends on the underlying bytes representing a pointer + = help: the absolute address of a pointer is not known at compile-time, so such operations are not supported + = note: the raw bytes of the constant (size: 16, align: 8) { + ╾──────ALLOC_ID───────╼ 08 00 00 00 00 00 00 00 │ ╾──────╼........ + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:62:1 + | +LL | pub static R6: &[bool] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^^^ constructing invalid value at .<deref>[0]: encountered 0x11, but expected a boolean + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. 
+ = note: the raw bytes of the constant (size: 16, align: 8) { + ╾──────ALLOC_ID───────╼ 04 00 00 00 00 00 00 00 │ ╾──────╼........ + } + +error[E0080]: it is undefined behavior to use this value + --> $DIR/forbidden_slices.rs:67:1 + | +LL | pub static R7: &[u16] = unsafe { + | ^^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered an unaligned reference (required 2 byte alignment but found 1) + | + = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. + = note: the raw bytes of the constant (size: 16, align: 8) { + ╾────ALLOC_ID+0x1─────╼ 04 00 00 00 00 00 00 00 │ ╾──────╼........ + } + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::offset(self, count) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | out-of-bounds pointer arithmetic: ALLOC_ID has size 8, so pointer to 8 bytes starting at offset 1 is out-of-bounds + | inside `ptr::const_ptr::<impl *const u64>::offset` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL +... 
+LL | unsafe { self.offset(count as isize) } + | --------------------------- inside `ptr::const_ptr::<impl *const u64>::add` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:74:25 + | +LL | from_ptr_range(ptr..ptr.add(1)) + | ---------- inside `R8` at $DIR/forbidden_slices.rs:74:25 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::ptr_offset_from_unsigned(self, origin) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | `ptr_offset_from_unsigned` called on pointers into different allocations + | inside `ptr::const_ptr::<impl *const u32>::sub_ptr` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:79:34 + | +LL | pub static R9: &[u32] = unsafe { from_ptr_range(&D0..(&D0 as *const u32).add(1)) }; + | ----------------------------------------------- inside `R9` at $DIR/forbidden_slices.rs:79:34 + +error[E0080]: could not evaluate static initializer + --> $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { intrinsics::ptr_offset_from_unsigned(self, origin) } + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | `ptr_offset_from_unsigned` called on pointers into different allocations + | inside `ptr::const_ptr::<impl *const u32>::sub_ptr` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $SRC_DIR/core/src/slice/raw.rs:LL:COL + | +LL | unsafe { from_raw_parts(range.start, range.end.sub_ptr(range.start)) } + | ------------------------------ inside `from_ptr_range::<u32>` at $SRC_DIR/core/src/slice/raw.rs:LL:COL + | + ::: $DIR/forbidden_slices.rs:80:35 + | +LL | pub static R10: &[u32] = unsafe { from_ptr_range(&D0..&D0) }; + | ------------------------ inside 
`R10` at $DIR/forbidden_slices.rs:80:35 + +error: aborting due to 18 previous errors + +For more information about this error, try `rustc --explain E0080`. diff --git a/src/test/ui/const-ptr/forbidden_slices.rs b/src/test/ui/const-ptr/forbidden_slices.rs new file mode 100644 index 000000000..e2184911f --- /dev/null +++ b/src/test/ui/const-ptr/forbidden_slices.rs 
@@ -0,0 +1,98 @@
+// stderr-per-bitwidth
+// normalize-stderr-test "alloc[0-9]+" -> "ALLOC_ID"
+// normalize-stderr-test "a[0-9]+\+0x" -> "A_ID+0x"
+// error-pattern: could not evaluate static initializer
+#![feature(
+ slice_from_ptr_range,
+ const_slice_from_ptr_range,
+ pointer_byte_offsets,
+ const_pointer_byte_offsets
+)]
+use std::{
+ mem::{size_of, MaybeUninit},
+ ptr,
+ slice::{from_ptr_range, from_raw_parts},
+};
+
+// Null is never valid for reads
+pub static S0: &[u32] = unsafe { from_raw_parts(ptr::null(), 0) };
+pub static S1: &[()] = unsafe { from_raw_parts(ptr::null(), 0) };
+
+// Out of bounds
+pub static S2: &[u32] = unsafe { from_raw_parts(&D0, 2) };
+
+// Reading uninitialized data
+pub static S4: &[u8] = unsafe { from_raw_parts((&D1) as *const _ as _, 1) }; //~ ERROR: it is undefined behavior to use this value
+// Reinterpret pointers as integers (UB in CTFE.)
+pub static S5: &[u8] = unsafe { from_raw_parts((&D3) as *const _ as _, size_of::<&u32>()) }; //~ ERROR: it is undefined behavior to use this value
+// Layout mismatch
+pub static S6: &[bool] = unsafe { from_raw_parts((&D0) as *const _ as _, 4) }; //~ ERROR: it is undefined behavior to use this value
+
+// Reading padding is not ok
+pub static S7: &[u16] = unsafe {
+ //~^ ERROR: it is undefined behavior to use this value
+ let ptr = (&D2 as *const Struct as *const u16).byte_add(1);
+
+ from_raw_parts(ptr, 4)
+};
+
+// Unaligned read
+pub static S8: &[u64] = unsafe {
+ let ptr = (&D4 as *const [u32; 2] as *const u32).byte_add(1).cast::<u64>();
+
+ from_raw_parts(ptr, 1)
+};
+
+pub static R0: &[u32] = unsafe { from_ptr_range(ptr::null()..ptr::null()) };
+pub static R1: &[()] = unsafe { from_ptr_range(ptr::null()..ptr::null()) };
+pub static R2: &[u32] = unsafe {
+ let ptr = &D0 as *const u32;
+ from_ptr_range(ptr..ptr.add(2))
+};
+pub static R4: &[u8] = unsafe {
+ //~^ ERROR: it is undefined behavior to use this value
+ let ptr = (&D1) as *const MaybeUninit<&u32> as *const u8;
+ from_ptr_range(ptr..ptr.add(1))
+};
+pub static R5: &[u8] = unsafe {
+ //~^ ERROR: it is undefined behavior to use this value
+ let ptr = &D3 as *const &u32;
+ from_ptr_range(ptr.cast()..ptr.add(1).cast())
+};
+pub static R6: &[bool] = unsafe {
+ //~^ ERROR: it is undefined behavior to use this value
+ let ptr = &D0 as *const u32 as *const bool;
+ from_ptr_range(ptr..ptr.add(4))
+};
+pub static R7: &[u16] = unsafe {
+ //~^ ERROR: it is undefined behavior to use this value
+ let ptr = (&D2 as *const Struct as *const u16).byte_add(1);
+ from_ptr_range(ptr..ptr.add(4))
+};
+pub static R8: &[u64] = unsafe {
+ let ptr = (&D4 as *const [u32; 2] as *const u32).byte_add(1).cast::<u64>();
+ from_ptr_range(ptr..ptr.add(1))
+};
+
+// This is sneaky: &D0 and &D0 point to different objects
+// (even if at runtime they have the same address)
+pub static R9: &[u32] = unsafe { from_ptr_range(&D0..(&D0 as *const u32).add(1)) };
+pub static R10: &[u32] = unsafe { from_ptr_range(&D0..&D0) };
+
+const D0: u32 = 0x11;
+const D1: MaybeUninit<&u32> = MaybeUninit::uninit();
+const D2: Struct = Struct { a: 1, b: 2, c: 3, d: 4 };
+const D3: &u32 = &42;
+const D4: [u32; 2] = [17, 42];
+
+#[repr(C)]
+struct Struct {
+ a: u8,
+ // _pad: [MaybeUninit<u8>; 3]
+ b: u32,
+ c: u16,
+ d: u8,
+ // _pad: [MaybeUninit<u8>; 1]
+}
+
+fn main() {}
diff --git a/src/test/ui/const-ptr/out_of_bounds_read.rs b/src/test/ui/const-ptr/out_of_bounds_read.rs
new file mode 100644
index 000000000..9dd669180
--- /dev/null
+++ b/src/test/ui/const-ptr/out_of_bounds_read.rs
@@ -0,0 +1,15 @@
+// error-pattern: evaluation of constant value failed
+
+#![feature(const_ptr_read)]
+
+fn main() {
+ use std::ptr;
+
+ const DATA: [u32; 1] = [42];
+
+ const PAST_END_PTR: *const u32 = unsafe { DATA.as_ptr().add(1) };
+
+ const _READ: u32 = unsafe { ptr::read(PAST_END_PTR) };
+ const _CONST_READ: u32 = unsafe { PAST_END_PTR.read() };
+ const _MUT_READ: u32 = unsafe { (PAST_END_PTR as *mut u32).read() };
+}
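Review bot: The comments on `S7` and `S8` do not describe what the expected stderr files actually pin: `S7` (`// Reading padding is not ok`) is rejected as `an unaligned reference (required 2 byte alignment but found 1)` because `byte_add(1)` lands on an odd byte, and `S8` (`// Unaligned read`) is rejected as `pointer to 8 bytes starting at offset 1 is out-of-bounds` because `D4: [u32; 2]` is only 8 bytes, so neither the padding check nor the alignment check is what those two cases exercise; `R7` and `R8` repeat both mismatches. To reach the padding bytes with an aligned `u16` view, start at `.byte_add(2)` (bytes 2..10 of the 12-byte `Struct` cover the pad, `b` and `c`), and to reach the alignment check for `S8`/`R8` give the array slack, e.g. `const D4: [u32; 4] = [17, 42, 0, 0];` — which diagnostic CTFE then emits should be confirmed by re-blessing both bitwidth stderrs. The numbering skips `S3` and `R3` relative to allowed_slices.rs; a line such as `// S3/R3: single-element reads of MaybeUninit<&u32> have no forbidden counterpart` would make the gap look deliberate. It is also worth a comment next to the `// error-pattern:` header that the "could not evaluate static initializer" cases (`S0`-`S2`, `S8`, `R0`-`R2`, `R8`-`R10`) carry no `//~ ERROR` annotation because the stderr attributes them to `$SRC_DIR/core` frames, which is presumably why the file-level pattern is needed.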
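Review bot: out_of_bounds_read.rs has no `normalize-stderr-test` header, so its expected output pins the literal allocation id `alloc5` (visible in out_of_bounds_read.stderr), which presumably depends on how many allocations the interpreter creates before `DATA` and will break on unrelated CTFE changes; forbidden_slices.rs in the same commit already normalizes this. Adding `// normalize-stderr-test "alloc[0-9]+" -> "ALLOC_ID"` under the `// error-pattern:` line and re-blessing would make the test stable. A short comment above the three constants saying they cover the free `ptr::read`, the `*const` method and the `*mut` method paths for the same past-the-end pointer would spare the reader inferring it from the names.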
diff --git a/src/test/ui/const-ptr/out_of_bounds_read.stderr b/src/test/ui/const-ptr/out_of_bounds_read.stderr
new file mode 100644
index 000000000..52b173c4d
--- /dev/null
+++ b/src/test/ui/const-ptr/out_of_bounds_read.stderr
@@ -0,0 +1,55 @@ +error[E0080]: evaluation of constant value failed + --> $SRC_DIR/core/src/ptr/mod.rs:LL:COL + | +LL | copy_nonoverlapping(src, tmp.as_mut_ptr(), 1); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | memory access failed: alloc5 has size 4, so pointer to 4 bytes starting at offset 4 is out-of-bounds + | inside `std::ptr::read::<u32>` at $SRC_DIR/core/src/ptr/mod.rs:LL:COL + | + ::: $DIR/out_of_bounds_read.rs:12:33 + | +LL | const _READ: u32 = unsafe { ptr::read(PAST_END_PTR) }; + | ----------------------- inside `_READ` at $DIR/out_of_bounds_read.rs:12:33 + +error[E0080]: evaluation of constant value failed + --> $SRC_DIR/core/src/ptr/mod.rs:LL:COL + | +LL | copy_nonoverlapping(src, tmp.as_mut_ptr(), 1); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | memory access failed: alloc5 has size 4, so pointer to 4 bytes starting at offset 4 is out-of-bounds + | inside `std::ptr::read::<u32>` at $SRC_DIR/core/src/ptr/mod.rs:LL:COL + | + ::: $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | +LL | unsafe { read(self) } + | ---------- inside `ptr::const_ptr::<impl *const u32>::read` at $SRC_DIR/core/src/ptr/const_ptr.rs:LL:COL + | + ::: $DIR/out_of_bounds_read.rs:13:39 + | +LL | const _CONST_READ: u32 = unsafe { PAST_END_PTR.read() }; + | ------------------- inside `_CONST_READ` at $DIR/out_of_bounds_read.rs:13:39 + +error[E0080]: evaluation of constant value failed + --> $SRC_DIR/core/src/ptr/mod.rs:LL:COL + | +LL | copy_nonoverlapping(src, tmp.as_mut_ptr(), 1); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | | + | memory access failed: alloc5 has size 4, so pointer to 4 bytes starting at offset 4 is out-of-bounds + | inside `std::ptr::read::<u32>` at $SRC_DIR/core/src/ptr/mod.rs:LL:COL + | + ::: $SRC_DIR/core/src/ptr/mut_ptr.rs:LL:COL + | +LL | unsafe { read(self) } + | ---------- inside `ptr::mut_ptr::<impl *mut u32>::read` at $SRC_DIR/core/src/ptr/mut_ptr.rs:LL:COL + | + ::: $DIR/out_of_bounds_read.rs:14:37 + | +LL | const 
_MUT_READ: u32 = unsafe { (PAST_END_PTR as *mut u32).read() }; + | --------------------------------- inside `_MUT_READ` at $DIR/out_of_bounds_read.rs:14:37 + +error: aborting due to 3 previous errors + +For more information about this error, try `rustc --explain E0080`. |
